Daily Archives: December 5, 2019

#cybersecurity | #hackerspace | An epidemic of ransomware washes over healthcare

Source: National Cyber Security – Produced By Gregory Evans

Normally, the only types of epidemics that healthcare organizations fight are the microbial kind. But lately, they have been hit with a rash of ransomware attacks, crippling their IT systems and demanding payments to unlock the encrypted system. Many of these attacks have leveraged third-party vendors and Managed Service Providers (MSPs) to magnify and amplify the damage, both inside each victim organization and across multiple entities. Just like the organically based breakouts they seek to contain, these virulent versions of malware use the connections and privileges of vendors who have access to many customer networks as a force multiplier to spread their devastation to as many victims as possible. These attacks are growing both in scale and number as the hackers realize they have a fertile field in healthcare to sow their profitable seeds of chaos and destruction. And recently, 110 nursing homes were impacted by a ransomware infection that spread through a records management provider and locked up all their patients’ medical records, making it difficult to treat their residents.

The dangers are real, and not just to the health providers’ pocketbooks, but to our health. 

Ransomware is affecting health

A recent study actually tied these artificial digital outbreaks to declines in actual patient care. This was demonstrated acutely when a ransomware attack took down the EHR system of Great Plain Health in Nebraska and caused appointments to be rescheduled and other delays in patient care. 

Given that more and more mission-critical medical devices are being attached to networks, including infusion pumps and defibrillators, it is only a matter of time before the first ransomware related, real-world death occurs. What is the cause of his sharp uptick in attacks on healthcare institutions? It is simply a matter of the criminal hacker gangs going where the money is. They are concentrating their efforts to get the greatest impact, and therefore drive desperate hospitals and clinics to pay the ransoms demanded. Because, unlike many other businesses, healthcare organizations have patient care as their primary directive and that trumps all when it comes to systems being down.

Along with this, hackers have realized that many healthcare networks are less protected than other corporate targets. This is due to their reliance on technology providers, many of whom are hesitant to patch their technology and devices for fear of causing outages and downtime. These devices are often running obscure or proprietary operating systems that don’t support typical countermeasures, such as antivirus software. The FDA also imposes strict rules on medical device certification status and doing frequent patches and updates can cause a device to go out of compliance with regulators. This creates an ideal situation for hackers so they can exploit poorly protected or unpatched devices to establish a foothold in a network and spread. 

Healthcare facilities must make cybersecurity a priority

Because of all these drivers, many healthcare providers have not traditionally given security as high a priority in their IT management strategies as they should. However, this latest spate of attacks may be the wake up call for them to start to vet vendors more closely, applying technical controls to those vendors to prevent and limit the effect of attacks and monitoring and auditing vendor remote access with the use of technologies such as Privileged Access Management (PAM) and Vendor Privileged Access Management (VPAM). Otherwise, “death by ransomware” may soon become a checkbox on the coroner’s report. 

To learn more about how you can protect your healthcare facility from a ransomware attack, check out our brochure specifically for healthcare and managing the privileged access given to vendors. 

The post An epidemic of ransomware washes over healthcare appeared first on SecureLink.

*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Tony Howlett. Read the original post at: https://www.securelink.com/blog/healthcare-ransomware/

Source link

The post #cybersecurity | #hackerspace |<p> An epidemic of ransomware washes over healthcare <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | hacker | Mozilla patches 11 vulnerabilities in Firefox 71 and ESR 68.3

Source: National Cyber Security – Produced By Gregory Evans


Mozilla
issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and
moderate-rated vulnerabilities.

The majority
of the patches were shared between Firefox
71
and ESR 68.3
with Firefox 71 receiving an additional three fixes.

The most
severe of the shared patches are:

  • CVE-2019-17008 is a use-after-free in
    worker destruction issue that if attacked could lead to an exploitable crash.
  • CVE-2019-1372 only effects Windows and
    can occur when setting a thread name on Windows in WebRTC, an incorrect number
    of arguments could have been supplied, leading to stack corruption and a
    potentially exploitable crash.
  • CVE-2019-11745: Out of bounds write
    in NSS when encrypting with a block cipher can cause heap corruption and a
    potentially exploitable crash.
  • CVE-2019-17012: Memory safety bugs that
    if left unpatched could be exploited to run arbitrary code.

The security issues patched just in Firefox 71 were CVE-2019-17013, CVE-2019-11756 and CVE-2019-11703.





Next post in Vulnerabilities

Original Source link

The post #cybersecurity | hacker | Mozilla patches 11 vulnerabilities in Firefox 71 and ESR 68.3 appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #infosec | Major data center provider hit by ransomware attack, claims report

Source: National Cyber Security – Produced By Gregory Evans

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack.

The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.

According to security journalist Catalin Cimpanu, who broke the story, the firm was hit by a targeted attack against its network yesterday, and received a ransom message demanding payment for the recovery of encrypted files.

Part of the extortion email obtained by ZDNet reads as follows, seemingly in an attempt to reassure CyrusOne that payment of the ransom will result in the data being recovered:

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will not cooperate with us. Its not in our interests.

To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.

If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise – time is much more valuable than money.

What isn’t known at present is how the ransomware managed to breach CyrusOne’s systems. However, in the past the REvil ransomware has been distributed through malicious email campaigns using spearphishing and boobytrapped documents, compromising RDP, exploit kits, and other techniques.

ZDNet reports that although CyrusOne has made no public statement about the security incident, at least one of its corporate clients has warned its own customers about the problem.

Financial and brokerage business FIA Tech informed its customers of an outage of their cloud services caused by problems at its data center provider, which ZDnet‘s Cimpanu identified as CyrusOne.

It’s worth remembering that a recovery from a ransomware attack (either by giving in to the extortionists and paying their ransom demand or by restoring from a clean backup) is not complete until the method through which the security breach occurred has been identified and fixed.

After all, the worst thing in the world would be to recover after a ransomware attack only to find yourself hit again by another attack the following week.

As ever, it’s best if you can prevent a ransomware infection in the first place – rather than put your company through the experience of trying to mop up afterwards.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Source link

The post #cybersecurity | #infosec | Major data center provider hit by ransomware attack, claims report appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




MSSP Mergers And Acquisitions List: 26 Managed Security Buyouts to Note

Source: National Cyber Security – Produced By Gregory Evans

A list of 26 MSSP mergers, acquisitions, buyouts & investments involving managed security services providers (MSSPs), Managed Detection & Response (MDR) & more.

This blog offers an ongoing list of managed security services provider (MSSP) mergers and acquisitions that we’ve tracked.

At least five factors are driving the M&A activity, MSSP Alert believes.

  1. Talent: The cyber skills shortage is driving MSSPs to find talent through M&A.
  2. Threats: The growing, shifting threat landscape is inspiring M&A deals to close technology and expertise gaps.
  3. Speed to Market: Acquiring companies can often be a faster path into a new or evolving technology market or business region.
  4. Scale: Smaller MSSPs are merging to counter the scale of larger rivals.
  5. Growth: The traditional MSP market will experience sub-10 percent compound annual growth rates (CAGR) in the years ahead. The MSSP market, in stark contrast, is growing at an 18 percent CAGR.

Updates: This story was originally published May 7, 2019. It was most recently updated December 4, 2019.

19 MSSP Mergers, Acquisitions, Buyouts: The List

Among the M&A deals we’ve tracked:

  1. December 2019: CyberProof acquires Necsia Cybersecurity for managed detection and response (MDR) services.
  2. November 2019: IPKeys buys Top 200 MSSP N-Dimension and gains managed security for the electric grid and more.
  3. November 2019: CynergisTek acquires Backbone Technologies for healthcare and non-healthcare managed security services.
  4. August 2019: Protos Security acquired Security Resources (SRI), uniting two MSSPs. Private equity firm Southfield Capital acquired Protos in February.
  5. October 2019: BPM LLP, a California accounting and consulting firm and value-added reseller (VAR), acquires security, compliance and incident response services provider Adhere Inc..
  6. October 2019: Private equity firm acquires, merges 12 cybersecurity consulting firms. The result: BGH Capital launches CyberCX, a company that specializes in security assurance, incident response and digital forensics, managed security services and other cybersecurity services.
  7. September 2019: EY acquires ElevatedPrompt Solutions for MDR services.
  8. August 2019: Presidio, a midmarket IT solutions provider with a Top 100 MSSP business practice, is acquired by BC Partners for $2.1 billion.
  9. July 2019: Accounting firm EisnerAmper acquires CSAM Marketing, a managed IT services provider (MSP) with cybersecurity risk mitigation & remediation services.
  10. May 2019: Private equity firm Sunstone Partners acquires and merges three MSSPs. The merger — involving Sword & Shield, Terra Verde and TruShield — creates a new national cybersecurity service provider & consulting firm called Avertium.
  11. May 2019: Orange move to acquire SecureLink, setting the stage for a massive European MSSP business combination.
  12. April 11, 2019: Today’s Nuspire buyout of GBprotect.
  13. April 1, 2019: Finnish cybersecurity company Nixu acquired Ezenta, a Danish IT security consulting firm. The combined firm offers managed security services across Europe.
  14. March 2019: Deloitte, a Top 100 MSSP, acquired Converging Data Australia, a cybersecurity firm that partners with AttackIQ, Carbon Black, Phantom & Splunk.
  15. March 2019: NTT Security acquired WhiteHat Security. The deal unites a Top 100 MSSP & an application security provider for DevSecOps teams. Here are details from RSA Conference 2019.
  16. February 2019: Orange acquired SecureData — formerly the UK’s largest independent MSSP.
  17. December 2018: ConnectWise acquired Sienna Group, an MSSP that helps MSPs & technology solutions providers to drive down risk & boost recurring revenues.
  18. October 2018: Top 100 MSSP and PCI compliance expert ControlScan acquired Dunbar Cybersecurity for managed detection and response (MDR), SIEM and SOC capabilities.
  19. August 2018: ADT acquired Secure Designs Inc. (SDI), a well-known MSSP that manages SonicWall firewalls and other security equipment for small business customers.
  20. June 2018: Continuum acquired CARVIR, a Top 100 MSSP that offers managed security, SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) services to MSPs in the SMB (small and midsize business) sector.
  21. May 2018: Midmarket IT solutions provider Presidio acquired MSSP and cybersecurity consulting firm Red Sky Solutions for $40.8 million.
  22. May 2018: Texas-based MSSP Critical Start acquired security orchestration technology firm Advanced Threat Analytics.
  23. April 2018: KPMG, a Top 100 MSSP, acquired Canadian cyber risk services & testing solutions firm Egyde to bolsters its cybersecurity offerings.
  24. April 2018: British MSSP & network security consultancy ITC Secure acquired SBD Advisors, a U.S. cybersecurity advisory firm.
  25. January 2018: Identity & access solutions firm The SCE Group acquired Cayden Security, an MSSP that has risk mitigation expertise.
  26. January 2018: British managed security services provider ITC Secure acquired the cybersecurity practice of business intelligence firm G3 & investment company Kinnevik AB.


Return Home

Source

The post MSSP Mergers And Acquisitions List: 26 Managed Security Buyouts to Note appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof